I've got a problem with vsftpd on a new CentOS system. Most users can log in and list and everything, but when they want to transfer files the client says "transfer failed" or so. However, it works fine with two users. Of course, these two have been created by me and used only by me. So, I didn't detect the problem before other users tried to upload. I tried with the command line ftp client and get this:
ftp> put medlingua_beta.sql
local: medlingua_beta.sql remote: medlingua_beta.sql
229 Entering Extended Passive Mode (|||59620|)
150 Ok to send data.
0% | | 0 0.00 KB/s --:-- ETA
ftp: netout: Connection reset by peer
0% | | -1 0.00 KB/s --:-- ETA
451 Failure writing to local file.
vsftpd logs "FAIL UPLOAD:" for this, nothing else. Of course, first thought is there might be some permission problem. However, I checked everything and the directory permissions are identical with the two accounts that work. Same goes for the user details they have. The only difference is that one of the two accounts is uid 50x while all the others are over 10000 - including the second one that works. All users have login shell /bin/false, are in /home and are chrooted to their homedir.
The same users with the same directory setup, permissions and everything work fine on the old machine with vsftpd 1.1 (CentOS has 2.0). The vsftpd configuration is basically how it is when installed from base plus a few additional settings (like write-enable=yes etc.). SELINUX is in permissive mode and there are no advanced ACLs in effect. The baffling thing is that it works for these two (and maybe other users I haven't identified yet), but not for the majority, although all seem to be set up equivalently. One other thing I just noticed is that I can delete root-owned files (standard 644 permissions) with any of the FTP users (the working and the non-working ones) which should not be possible at all.
Any hints?
Kai
Check to make sure it's not a problem on the client side - are there personal firewalls blocking port 20/21?
Kai Schaetzl wrote:
I've got a problem with vsftpd on a new CentOS system. Most users can log in and list and everything, but when they want to transfer files the client says "transfer failed" or so.
Ryan wrote on Sat, 01 Apr 2006 18:06:37 -0500:
Thanks for the fast answer!
Check to make sure it's not a problem on the client side - are there personal firewalls blocking port 20/21?
I'm doing all the tests myself. So, I logged in with the client's credentials and verified I can't create new files (or overwrite existing ones). I forgot to tell earlier that the file is created but with 0 bytes. I can delete that 0 byte file with the same user. When I try to create a new directory it fails completely. At the same time I can log in to the two working accounts and transfer files to them. So, it cannot be a network or client-side problem. Also, I can create a new account and write to it. It must be something specific to the users, however, I don't see any difference in passwd or other related files that makes them special. Also, I'm concerned that users can delete files they shouldn't have the right to. At least in their homedir, which they are chrooted to. It's the first time that vsftpd gives me any problems, but it's also the first time that I use 2.0.
Kai
I'm now almost sure that this is a bug in vsftpd 2.0.2 or at least the CentOS package of it. I had misinterpreted the xferlog at first; it was only one account that couldn't transfer files. After a lot of trying and renaming it turns out that *any* user (I didn't try with root and similar, though, but with ordinary users I can throw away) whose primary group id is 10174 (group name doesn't matter) cannot transfer files via FTP. The transfer fails as described earlier. I didn't try with a different ftpd and I don't have another CentOS system at the moment where I could double-check it. But I have done everything else I could imagine to rule out other causes. I also uninstalled and reinstalled the vsftpd rpm with yum. Would anyone here like to review this finding? Or does anyone know of a different cause of this problem than vsftpd?
Kai
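The report in this thread that FTP users can delete root-owned 644 files inside their chrooted home directory can be checked against the POSIX unlink rule, under which the parent directory's write and search bits (plus the sticky bit) decide, not the file's owner or mode. This is an added example, not code from the thread or from vsftpd; uid 10201, the file names and the directory modes are constructed, and ACLs and capabilities are ignored.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the rule can be shown on constructed values.
St = namedtuple("St", "st_mode st_uid st_gid")

def can_write_search(d, uid, gids):
    """True if uid/gids hold both write and search (w+x) on directory d."""
    if uid == 0:
        return True
    if uid == d.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif d.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return d.st_mode & need == need

def can_unlink(d, f, uid, gids):
    """Deleting f from d needs w+x on d; a sticky d also requires owning f or d."""
    if not can_write_search(d, uid, gids):
        return False
    if d.st_mode & stat.S_ISVTX and uid != 0:
        return uid in (f.st_uid, d.st_uid)
    return True

def deletable_foreign_files(d, files, uid, gids):
    """Names of files not owned by uid that uid can still delete from d."""
    return sorted(n for n, f in files.items()
                  if f.st_uid != uid and can_unlink(d, f, uid, gids))

def audit(path, uid, gids):
    """Apply the same check to a real directory on disk."""
    files = {e.name: e.stat(follow_symlinks=False) for e in os.scandir(path)}
    return deletable_foreign_files(os.stat(path), files, uid, gids)

# Constructed sample: gid 10174 is the group named in the thread, the rest is made up.
FTP_UID, FTP_GID = 10201, 10174
FILES = {"notes.txt": St(stat.S_IFREG | 0o644, 0, 0),            # root-owned, 644
         "site.sql": St(stat.S_IFREG | 0o644, FTP_UID, FTP_GID)}
USER_OWNED_HOME = St(stat.S_IFDIR | 0o755, FTP_UID, FTP_GID)   # user owns the chroot
ROOT_OWNED_HOME = St(stat.S_IFDIR | 0o755, 0, 0)               # root owns the chroot
STICKY_SHARED = St(stat.S_IFDIR | 0o1777, 0, 0)                # /tmp-style directory

if __name__ == "__main__":
    for label, d in [("user-owned 755", USER_OWNED_HOME),
                     ("root-owned 755", ROOT_OWNED_HOME),
                     ("sticky 1777", STICKY_SHARED)]:
        print(label, deletable_foreign_files(d, FILES, FTP_UID, {FTP_GID}))
```

Running `audit("/home/<user>", uid, gids)` against each FTP home lists the files that account can remove despite not owning them.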